Loyalty card firm delayed reporting security fears

Some 39,000 Supervalu customers exposed while 4,000 people in Axa loyalty reward programme affected

More than 40,000 people in Ireland are now known to have had their financial details potentially compromised after an electronic security breach at a company which oversees rewards schemes run by Supervalu, Axa Insurance and Stena Line.

More than 40,000 people in Ireland are now known to have had their financial details potentially compromised after an electronic security breach at a company which oversees rewards schemes run by Supervalu, Axa Insurance and Stena Line.

Wed, Nov 6, 2013, 01:01

More than 40,000 people in Ireland are now known to have had their financial details potentially compromised after an electronic security breach at a company which oversees rewards schemes run by Supervalu, Axa Insurance and Stena Line.

39,000 Supervalu customers who bought its “getaway breaks” have been exposed while a further 4,000 people who were part of the insurance company’s loyalty reward programme which is also run by the Clare-based US-owned company Loyaltybuild have been affected.

The security breach has also led to some 50 Stena Line customers potentially exposed.

Loyaltybuild also manages loyalty schemes in Sweden, Norway and Italy and close to 100,000 people in those countries are now known to have had the security of their personal and payment card information compromised.

In a statement released to The Irish Times last night, Supervalu insisted that there was no information to suggest that any sensitive customer data had been obtained “as yet”.

It said that “as a precautionary measure” it was urging customers who had booked a getaway break recently to review their accounts and report any unusual activity or unsolicited communication connected with the deal to their bank. The “Getaway Breaks” booking system remains temporarily suspended.

Loyaltybuild has informed the Data Protection Commissioner of the potential breach, which was discovered on October 25th, and has stressed that all payment card information it holds is encrypted.

Details of the exact nature of the security breach remain sketchy and the company has said it has engaged the services of a firm of leading, international, online security experts,” a spokeswoman said.

“They are conducting a forensic investigation to help us identify whether any of our stored data was compromised, and, if so, to what extent,” a spokeswoman said.